Providing the option to not store end-user IP addresses, and by default, not storing the IP addresses of end-users from countries within the EU.

For all clients, beginning on May 21st, 2018, we will discontinue building data models with data nor will we monetize any EU user data with our business and analytics partners. For our Enterprise clients, we have introduced a Data Processor Agreement (DPA) which formally designates us as a Processor for all data.

Releasing updated versions of our SDKs to make it easier for our clients to prevent user data from being sent to OneSignal until a user explicitly consents,

Adding support to our API for the deletion of user data. Additionally, we are reducing our data retention period of deleted data to 72 hours.

Updating our user data exporting capabilities to make it easier to search for and export user data from OneSignal. This will help our clients meet individual user requests for restriction, erasure, and data portability.

Preparing a guide on how to use OneSignal for push notifications without sending us personal user data.

Click to expand...

The only thing the mod sent to OneSignal is the tags. Which was user id, a forum id (if guest) and an encrypted string for validation.

The push request only sends a user id/and short message which has to be sent.

Id lump it into the privacy policy, where you have your cookie policy already right?

Something like:

If you opt into OneSignal push notifications, in order to provide this service will send some data to them in order to full fill this request. Information being sent will be:

Your forum user id.
An encrypted version of your forum user id.
The message that you see in the push notice.

OneSignal does not store the ip address of end-users from the EU, it does not build any data models or monetize any EU data collected by the use of this service.

Click to expand...

With this policy change it should also quieten the pandemonium on this thread in earlier posts about how wide reaching the use of user data was.